Welcome to the Mini BLE Firmware Repository!
Here you will find the source code running on the Mooltipass Mini BLE auxiliary and main microcontrollers.
What is the Mooltipass Project?
The Mooltipass project is a complete ecosystem aimed at providing authentication solutions. It is composed of:
- A physical device and its firmware, providing all security-related features
- Multiple browser extensions (Chrome, Firefox, Edge, Opera) for easy credentials storage & recall
- A cross-plaform user interface, for easy management of the physical device features and database
- A cross-platform software daemon, serving as an interface between device and software clients
- An SSH agent, providing password-less SSH authentication using a Mooltipass device
- A command line tool written in go to interact with the Mooltipass device
- A python library to talk to the Mooltipass through Moolticute
The Mooltipass Devices
All Mooltipass devices (Mooltipass Standard, Mooltipass Mini, Mooltipass Mini BLE) are based on the same principle: each device contains one (or more) user database(s) AES-256 encrypted with a key stored on a PIN-locked smartcard. This not only allows multiple users to share one device but also one user to use multiple devices, as the user database can be safely exported and the smartcard securely cloned.
The Mini BLE Architecture
The firmwares in this repository are made for the device architecture shown above.
The Mooltipass Mini BLE is composed of two microcontrollers: an auxiliary one dedicated to USB and Bluetooth communications and a secure microcontroller dedicated to running all security features. You may read about the rationale behind this choice here. The device microcontrollers communicate with each other using a high speed serial link.
Auxiliary MCU Firmware Features
The auxiliary microcontroller mostly provides communication features.
USB Communications
Our USB interface provides three communication channels:
- A keyboard HID interface for the Mooltipass Mini BLE to simulate keypresses
- A custom HID interface for Mooltipass communications
- A FIDO2 HID interface to support password-less authentication
BLE Communications
The Mooltipass Mini BLE uses the ATBTLC1000 to provide Bluetooth Low Energy connectivity. It currently provides two communication channels:
- A keyboard HID interface for the Mooltipass Mini BLE to simulate keypresses
- A custom HID interface for Mooltipass communications
BLE Communications: Help Needed!
It is in our plans to provide two additional communication channels for Bluetooth:
- One for FIDO2 features
- One to provide communcation with a mobile app providing autofill services for Android and iOS
Main MCU Firmware Features
Graphical User Interface
Our user interface is the fruit of several years of work. It includes:
- Update files, language strings, font files, bitmap files and keyboard files bundle storage in external flash
- A read-only file system for parsing that bundle file: custom_fs.c
- 256x64x4bpp SH1122-based OLED screen support, with internal frame buffer: sh1122.c
- Run-length graphical files decoding: custom_bitsteam.c
- Unicode Basic Multilingual Plane support
- Multiple languages support on device
- Language-based fonts support
User Database
Our database model is documented here. Its main characteristics are:
- Multiple doubly linked list-based credential and file storage
- Parent (services) - Child (credentials) structure
- Credential categories support
- Credential favorites support
- Webauthn custom credential type
At the time of writing, the Mini BLE can handle logins & passwords up to 64 unicode characters long.
Manual Credential Typing
Mooltipass devices can simulate key presses in order to type logins & passwords onto the computer they're connected to. As the "byte sent on the wire" to "actual character typed on the computer" conversion is handled by the computer itself, that meant the Mooltipass devices need to handle multiple keyboard layouts.
For the Mooltipass Mini BLE, we are parsing the CLDR to make sure we can type text on any device.
Authentication Features
The Mooltipass team selected BearSSL for cryptographic routines. The remaining code was made from the ground up. The Mooltipass Mini BLE includes the following authentication features:
- Standard login/password authentication, by key presses or with its own communication channel
- Webauthn / FIDO2 password-less authentication
- TOTP second factor authentication
Note Worthy Items
Creating these firmwares from the ground up allowed us to create a smooth user-experience, tailored to privacy-minded indviduals. Here are some things that are worth mentioning:
- All transfers to peripherals, displays and MCUs are DMA-based
- A custom NiMH charging algorithm was implemented
- An accelerometer is used as a source of entropy
- All source code is doxygen-style documented
Device Emulator
Device emulators are available for Windows and Ubuntu. Together with Moolticute, you will be able to test our complete ecosystem without a physical device.
Contributing to the Mooltipass Firmware
The Mooltipass team welcomes contributions from open source enthusiasts!
Features requested by Mooltipass users can easily be seen by clicking on this link.
If you have even more spare time to contribute, the Mooltipass team is actively looking for contributors to:
- add a Bluetooth FIDO2 communication channel
Depending on the task, we could ship you one of our developpement boards (shown above), or you could also develop using our device emulator. Do not forget to review our contributing guidelines!
Adding a New Language to the Mini BLE
The following languages are currently supported:
- English
- Catalan
- German
- French
- Italian
- Croatian
- Dutch
- Portuguese
- Spanish
- Slovene
- Finnish
If your language is not listed, get in touch with us to then be able to follow these instructions.
Keeping in Touch
Get in touch with the development team and other Mooltipass enthuasiasts on our Mooltipass IRC channel: #mooltipass on irc.libera.chat
Licenses
